Anthropic released a comprehensive analysis on June 3, covering a full year of AI misuse tied to cyberattacks, from March 2025 through March 2026. The percentage of high-risk actors using AI for cyber operations jumped from 33% to 56%, a 1.7x increase signaling a fundamental shift in how threat actors weaponize large language models.
Researchers examined 832 banned accounts, documenting nearly 14,000 actions and 482 unique techniques mapped against the MITRE ATT&CK framework. Malware development remained the dominant use case: roughly 67% of actors used AI to build malicious software. But growth wasn’t in basic tasks-it was in complex techniques like lateral movement and credential dumping.
To quantify this evolution, Anthropic introduced the AI Risk Enablement Score (ARiES), measuring how much AI elevates a threat actor's risk profile.
Among the most alarming findings: a largely autonomous espionage campaign linked to Chinese state-sponsored actors used Claude Code to perform up to 90% of operations without human intervention. The report also flagged “vibe hacking,” where threat actors executed extortion schemes through Claude Code.
Anthropic shared its findings with Verizon for inclusion in the 2026 Data Breach Investigations Report, one of the most widely cited annual cybersecurity publications.